唐诗宋词元曲查询 - 即刻数据
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will use your Jike API key to perform lookups. If configuration is changed to an untrusted API base URL, that key could be sent somewhere other than the default Jike API.
The script reads a Jike AppKey from configuration and appends it to API requests. This is expected for the stated service, but it is still credential use that depends on a trusted API endpoint.
API_BASE_URL = os.environ.get("JIKE_API_BASE_URL", "https://api.jikeapi.cn").rstrip("/") ... APPKEY_ENV_NAMES = ("JIKE_POETRY_QUERY_KEY", "JIKE_APPKEY") ... urlencode({**params, 'appkey': appkey})Use a dedicated Jike AppKey, prefer environment variables over command-line key passing, and leave JIKE_API_BASE_URL unset unless you intentionally trust the alternate endpoint.
You cannot easily verify from the provided metadata whether the package is officially maintained by the API provider.
No upstream source repository or verified package provenance is provided. This is not suspicious by itself, especially with no install script, but it limits independent verification.
Source: unknown
Install only if you trust the publisher or have reviewed the included code; for stronger assurance, compare it with an official source if available.